Apache HTTP Server mod_proxy Denial Of Service Vulnerability
Vulnerability Details
This vulnerability allows remote attackers to cause a denial of service condition on vulnerable installations of Apache HTTP Server. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the mod_proxy module. The issue lies in the processing of HTTP headers when an invalid request is made. An attacker can leverage this flaw to crash a remote instance of Apache HTTP server.
Additional Details
Apache has issued an update to correct this vulnerability. More details can be found at:
http://httpd.apache.org/security/vulnerabilities_24.html
Disclosure Timeline
- 2014-04-07 - Vulnerability reported to vendor
- 2014-07-18 - Coordinated public release of advisory
Credit
AKAT-1
22733db72ab3ed94b5f8a1ffcde850251fe6f466
Marek Kroemeke